Suspicious Trojan

The attached file "infected.zip" is detected as a trojan by the AVG antivirus scanner.


It is not treated as a malware by my BD scanner.


Is it a malware?


---------------------------------------------------------------------------------


The other is a possible malware.


(vip[1].js.zip)


Is it a real malware?


Please reply to me as soon as possible.

Attachments: infected.zip, vip_1_.js.zip

Comments

  • Hello kids


    What you can do in the meantime, before one of the virus researchers replies, is upload the files to this website: http://www.virustotal.com and post the result link. If it's only detected by AVG, then in most cases it's a false positive of Grisoft.


    Regards


    Niels

  • The first file (npgmup.des) is clean and is part of some sort of game protection (http://eng.nprotect.com/nprotect_gameguard.htm).


    The second file contains an exploit for unpatched Internet Explorer instances. Please see if you have an executable named vip[1].exe (most probably it should be in the Temporary Internet files) and send it to us for further analysis.


    Best regards.

  • tbtb2
    edited July 2007
    I cannot send you the original, but the only thing I can do is to give you the link that I have found and where the file(s) come from.


    Hope this helps.


    -----------------------------------------------------------------------------------------------------------


    * DO NOT VISIT THE WEBSITE(S) BELOW or YOUR COMPUTER/YOUR DATA WILL BE DAMAGED/LOST/STOLEN !*



    <links removed>


    *No virus if using Firefox*


    *There might be a malware downloaded if you use Internet Explorer to visit the website above, I won't bear the responsibility if any damage is caused*


    ================================================================


    The third one is the uploaded file (Photo.zip).


    A virus detected by most scanners, like Norton, AVG, McAfee, AntiVir...etc, except some scanners including BitDefender...


    (According to virustotal)


    I hope the information above is helpful.

    Attachment: photo.zip.zip

  • tbtb2
    edited July 2007
    Indeed, I would like to change the links above into "hxxp" to avoid others getting infected, but I do not have the permission to do so.


    Please hide the links I posted if any one of you has the permission.

  • alexcrist
    edited July 2007

    Hi kids,


    I removed the links from your post. Also, I attached a txt file containing those links. In the future, you can do the same (write the links in Notepad, save the file and attach it to your post).


    Cris.


    Edit: On that site there is just one file (setup.rar). It contains a Dropper, already detected by BitDefender as Dropped:Trojan.Spy.HAKvip.A.


    @kids: Probably this is what downloaded the other Trojan into your PC.


    I've attached the archive with the virus (password: infected)


    Attachments: links.txt, Dropped_Trojan.Spy.HAKvip.A.zip

  • my-post-card.exe signed as Win32.Worm.VB.NLU. It drops three files, one of which is already detected with the same name. The other two are legitimate components and do not need to be detected.


    Best regards.

  • Oh my God....


    This is the first day that my BD scanner can detect "my-post-card.exe", and even the BD scanner on virustotal did not detect it 2 days ago...

  • I'm not really sure what you meant to say.


    "<filename> signed" means that a signature (detection) was added (which didn't exist before), so it is normal that your BD started detecting it.


    Best regards.

  • I see.


    thanks.

  • My pleasure. If you have any other questions, don't hesitate to contact me.